February 19, 2012

Android Permissions Black Book

On Android, permissions are a powerful way of seeing what apps can do (though not necessarily what they actually do). The unfortunate part is that there is no easy way to review permissions, and definitely no way to modify them through official means. But there are apps that can help with both.

Superuser: The most dangerous; there is no telling what an app can do once it is given this permission. Be careful, and use the Superuser app to revoke permissions. It is also advisable never to remove its notifications.

Install Packages: Very dangerous

Full internet access: The absence of internet access can avoid a lot of privacy issues, but a lot of apps do require it to function.

Read logs / Read sensitive logs: Few apps should need this

Use Credentials, Manage Accounts: Most apps shouldn't require it

Read/modify Gmail: Not sure which apps would legitimately require it

Discover Known Accounts: Be careful, but many apps seem to require it

Read phone state and identity (IMEI, IMSI): I do not like my IMEI number to be known to everybody

Modify/delete SD card contents

Fine (GPS) location and Coarse (network-based) location: Location tagging is increasing, but I do not like it; I would like my locations to be private. I personally keep GPS disabled, unless really required.

So you are worried about permissions but do not know how to check and then change them? Don't worry, I will tell you how! There are various apps that can help modify permissions, but be aware that they can potentially crash apps. For example, blocking internet access on a Twitter client is pointless and could crash the app, but blocking the phone state permission might work fine.

View permissions:

System: Go to Settings > Apps, then tap any app to see its permissions.

Permission Explorer (free): A better and more powerful alternative. Can browse by app name, permission category and permission name. Great!

Pocket permissions (Paid): Explains permissions and lets you search for apps by permission. IMO, not really required, as you can get the same effect through other means. Still, it could be a great first start.
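To do the same review from a computer, the added example below (not part of the original post) parses the output of `aapt dump permissions <apk>` and labels the permissions listed above by whether the app also holds full internet access, the combination the list singles out. The permission constant names are this example's mapping of the post's display labels, and the sample dumps are constructed.

```python
import re

# Constant names are this example's mapping of the page's display labels.
HIGH = {"android.permission.INSTALL_PACKAGES": "install packages"}
SOURCES = {
    "android.permission.READ_LOGS": "read logs",
    "android.permission.USE_CREDENTIALS": "use credentials",
    "android.permission.MANAGE_ACCOUNTS": "manage accounts",
    "android.permission.GET_ACCOUNTS": "discover known accounts",
    "com.google.android.gm.permission.READ_GMAIL": "read Gmail",
    "android.permission.READ_PHONE_STATE": "phone state and identity",
    "android.permission.ACCESS_FINE_LOCATION": "fine (GPS) location",
    "android.permission.ACCESS_COARSE_LOCATION": "coarse location",
}
INTERNET = "android.permission.INTERNET"

# Accepts both aapt styles: "uses-permission: X" and "uses-permission: name='X'".
PERM_RE = re.compile(r"^\s*uses-permission:\s*(?:name=')?([\w.]+)")

def parse_permissions(aapt_output):
    """Return the set of permission names requested in one aapt dump."""
    return {m.group(1) for line in aapt_output.splitlines()
            if (m := PERM_RE.match(line))}

def audit(aapt_output):
    """Label each listed permission by whether the app can also reach the net."""
    perms = parse_permissions(aapt_output)
    online = INTERNET in perms
    findings = [f"HIGH: {HIGH[p]}" for p in sorted(perms) if p in HIGH]
    for p in sorted(perms):
        if p in SOURCES:
            # Data the app can read matters most when it can also be sent out.
            tag = "EXPOSED" if online else "LOCAL"
            findings.append(f"{tag}: {SOURCES[p]}")
    return findings

# Constructed sample dumps (not taken from real apps).
FLASHLIGHT = """package: com.example.flashlight
uses-permission: android.permission.INTERNET
uses-permission: android.permission.READ_PHONE_STATE
uses-permission: android.permission.ACCESS_FINE_LOCATION
"""
NOTES = """package: com.example.notes
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
"""

if __name__ == "__main__":
    for dump in (FLASHLIGHT, NOTES):
        print(dump.splitlines()[0], audit(dump))
```

An `EXPOSED` line means the app can both read that data and send it out; a `LOCAL` line means it holds the permission but has no internet access of its own.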

LBE Privacy Guard (Free, root required): This app works in a different way to LBE, but the end effect is somewhat similar. Does not require reboot, but requires a running service, which I am not very comfortable with.
Note: The app requires internet permission. If you are uncomfortable with that, you can either block it through a firewall (recommended) or revoke it through Permissions Denied.

Another future alternative (XDA): The author here stated that he will release an alternative to Permissions Denied/LBE, but has unfortunately lost his job. It might be worth checking out if/when it is released.

Privacy blocker (Paid, root not required): This is a different app in the sense that it actually modifies apk files and fudges data. This means that the app needs to be uninstalled and reinstalled, which will delete user data. Also, this will need to be repeated every time the app is updated. But on the positive side, it does not require root.

Note: If you are really worried about privacy and data usage and have root, the best thing to do is to use a firewall. Everything else, including the above-mentioned apps, should come second. I think Droidwall (free, root required) is the best app for this. Avast works, but I just found that (at least in EOS ICS 1.0) it switches off when the Xoom goes to standby and apps can access the net (apps could access data in the background).

Hopefully this will give you some insight into app permissions on Android and the tools to manage them effectively.